Backdoor

Backdoor.Win32.Emotet.amcg malicious file

Malware Removal

The Backdoor.Win32.Emotet.amcg is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor.Win32.Emotet.amcg virus can do?

  • Executable code extraction
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Expresses interest in specific running processes
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Unconventionial language used in binary resources: Russian
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to determine Backdoor.Win32.Emotet.amcg?



File Info:

crc32: 32EFE0AE
md5: fb82509c6a2fed7fbb6fb87340bdfcee
name: upload_file
sha1: cb94681cd76179877703256c63595a4e347e52dc
sha256: 925e47d2963b590cb398470cd8ea02bb6bd0afb4c9f175029bbc90eecc49187c
sha512: 0558351c24a109fd856154aacb165ddfff8267fdffe911dba3700b6b778dda3398dcf2cc626e24db0d2899b354071f9d234fd50017e2084e2c3116b59e23fbc6
ssdeep: 6144:dPHIFvHxVBxWrhtOjMcD+t14e13gvXr7fa+CYSTWy:dPoFPxVB0r/OjMciV1yja+3s
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

LegalCopyright: xa9 Microsoft Corporation. All rights reserved.
InternalName: nlsbres.dll
FileVersion: 6.1.7601.23572 (win7sp1_ldr.161011-0600)
CompanyName: Microsoft Corporation
ProductName: Microsoftxae Windowsxae Operating System
ProductVersion: 6.1.7601.23572
FileDescription: NLSBuild resource DLL
OriginalFilename: nlsbres.dll
Translation: 0x0409 0x04b0

Backdoor.Win32.Emotet.amcg also known as:

Elasticmalicious (high confidence)
MicroWorld-eScanTrojan.GenericKDZ.69120
FireEyeTrojan.GenericKDZ.69120
ALYacTrojan.Agent.EUGP
K7AntiVirusTrojan ( 0056b94b1 )
BitDefenderTrojan.GenericKDZ.69120
K7GWTrojan ( 0056b94b1 )
F-ProtW32/Kryptik.BRY.gen!Eldorado
SymantecML.Attribute.HighConfidence
APEXMalicious
KasperskyBackdoor.Win32.Emotet.amcg
AlibabaTrojan:Win32/Emotet.a75a51a6
RisingTrojan.Kryptik!1.C82B (CLASSIC)
Ad-AwareTrojan.GenericKDZ.69120
DrWebTrojan.DownLoader34.10090
VIPRETrojan.Win32.Generic!BT
Invinceaheuristic
FortinetW32/GenKryptik.EPAZ!tr
EmsisoftTrojan.Emotet (A)
IkarusTrojan.Win32.Krypt
CyrenW32/Kryptik.BRY.gen!Eldorado
MAXmalware (ai score=89)
ArcabitTrojan.Generic.D10E00
ZoneAlarmBackdoor.Win32.Emotet.amcg
MicrosoftTrojan:Win32/Emotet.DGK!MTB
AhnLab-V3Trojan/Win32.Kryptik.R346329
McAfeeEmotet-FRI!FB82509C6A2F
MalwarebytesTrojan.MalPack.TRE
ESET-NOD32a variant of Win32/GenKryptik.EPHQ
GDataTrojan.GenericKDZ.69120
BitDefenderThetaGen:NN.Zextet.34144.vq0@aO1BLifk
AVGFileRepMalware
Paloaltogeneric.ml
Qihoo-360Win32/Backdoor.ebd

How to remove Backdoor.Win32.Emotet.amcg?

Backdoor.Win32.Emotet.amcg removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment